Brief

Summary:
CISA has released guidance addressing two critical vulnerabilities, CVE-2023-20198 and CVE-2023-20273, in Cisco's Internetworking Operating System (IOS) XE Software Web User Interface. An attacker can exploit these flaws to gain control over an affected system by creating a privileged account. CISA urges organizations with Cisco IOS XE Web UI to review the guidance and implement mitigations, including disabling the HTTP Server feature on internet-facing systems and monitoring for malicious activity on their network.

Today, CISA, in response to active, widespread exploitation, released guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI). An unauthenticated remote actor could exploit these vulnerabilities to take control of an affected system. Specifically, these vulnerabilities allow the actor to create a privileged account that provides complete control over the device.   

CISA urges organizations running Cisco IOS XE Web UI to review CISA’s guidance and immediately implement the mitigations outlined in:

These mitigations include disabling the HTTP Server feature on internet-facing systems and hunting for malicious activity on their networks.


Summary

The Cybersecurity and Infrastructure Security Agency (CISA) has released guidance addressing two critical vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI). These vulnerabilities, if exploited, allow an unauthenticated remote actor to take control of an affected system by creating a privileged account that provides complete control over the device.

The CISA guidance provides steps to mitigate these vulnerabilities, including:

1. Disabling the HTTP Server feature on internet-facing systems to prevent unauthorized access.
2. Hunting for malicious activity on the network to detect and respond to potential exploitation.
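
An offline check for the two mitigation steps above, added here as an example (it is not code from CISA or Cisco): it scans a saved running-config for an enabled web UI and for local privilege-15 accounts outside an approved list. The sample config, hostname, usernames and approved list are constructed, and the script assumes the export lists the `ip http server` / `ip http secure-server` lines explicitly.

```python
import re

# Constructed sample running-config export (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
username netadmin privilege 15 secret 9 $9$constructed
username svc_unknown privilege 15 secret 9 $9$constructed
username helpdesk privilege 1 secret 9 $9$constructed
!
ip http server
no ip http secure-server
!
"""

# Commands that turn on the IOS XE web UI over HTTP and HTTPS.
WEB_UI_COMMANDS = ("ip http server", "ip http secure-server")

# Local account line with an explicit privilege level.
USER_RE = re.compile(r"^username\s+(\S+)\s+.*?\bprivilege\s+(\d+)\b")


def http_server_findings(config):
    """Return the web UI commands that are enabled in the config text."""
    lines = [line.strip() for line in config.splitlines()]
    # A disabled feature appears as "no ip http ..." and does not match.
    return [line for line in lines if line in WEB_UI_COMMANDS]


def unexpected_privileged_users(config, approved):
    """Return privilege-15 local usernames that are not in the approved set."""
    found = []
    for line in config.splitlines():
        match = USER_RE.match(line.strip())
        if match and int(match.group(2)) == 15 and match.group(1) not in approved:
            found.append(match.group(1))
    return found


def audit(config, approved):
    """Combine both checks into one report for a single device config."""
    return {
        "web_ui_enabled": http_server_findings(config),
        "unexpected_priv15_users": unexpected_privileged_users(config, approved),
    }


if __name__ == "__main__":
    # "netadmin" is the only account this constructed site expects at level 15.
    print(audit(SAMPLE_CONFIG, approved={"netadmin"}))
```

An account flagged here is only a lead for the hunt: compare it against change records before treating it as malicious.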

The vulnerabilities were actively exploited, and CISA urges organizations running Cisco IOS XE Web UI to review the guidance and implement the recommended mitigations immediately. The affected system is the Cisco IOS XE Software Web UI, which is a critical component of many network infrastructure devices.

Additional Resources

Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature
Cisco Talos blog: Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerabilities

Recommendations

* Organizations running Cisco IOS XE Web UI should implement the mitigations outlined in the CISA guidance to prevent potential exploitation.
* Regularly monitor system logs and network traffic for suspicious activity.
* Implement a vulnerability management program to stay informed about new vulnerabilities and their mitigation strategies.

Cybersecurity and Infrastructure Security Agency
